In recent, as wire/wireless communication technology is drastically developed and various communication services are extensively used, security programs of communication networks become a very important issue. In terms of protections for confidential and personal information related to nations, businesses, and finances, the importance of communication network security becomes gradually increased. The latest most remarkable quantum cryptography method for resolving security limitations for various communications guarantees its stability by a theory of quantum mechanics, i.e., the fundamental truth of nature. Therefore, this method is a kind of a communication security method for making packet tapping and monitoring absolutely impossible. That is, the quantum cryptography method is a method for absolutely safely distributing a secret key for encrypting and decrypting the transmitted data between a transmitter and receiver based on a law of quantum physics such as no-cloning theorem. Additionally, the quantum cryptography technology is well known as quantum key distribution (QKD) technology.
A review paper <<Quantum Cryptography>>, Rev, Mod. Phyx. Vol. 74, pp. 145-195 (2002) published in 2002 by N. Gisin, G. Ribordy, W. Tittel, H. Zbinden, et al. describes a typical quantum cryptography or quantum key distribution method in detail. According to this review paper, the generally well known quantum cryptography or quantum key distribution method includes BB84, B92, and EPR protocol. Typically, a paper <<Quantum Cryptography: Public key distribution and coin tossing>>, Proc. IEEE Int. Conf. on Computers, Systems and Signal Processing, Bangalore, India, pp. 175-179 (IEEE, New York, 1984) published in 1984 by Charles Bennettt and Gilles Brassard discloses a method known as a BB84 protocol. This method uses four quantum states (e.g., a polarization state of a photon such as 0° 90° 45° and 135° constituting two bases. That is, a transmitter Alice randomly selects one of two bases, and also randomly selects one of two quantum states (one bit value of a secret key), i.e., 0 or 1 of the selected basis, and then transmits it to the receiver Bob through a quantum channel. For instance, consider the case where (0° and 90°) basis and (45° and 135°) basis, i.e., a polarization state of a single photon, are used. And suppose that 0° and 45° represent a bit value 0, and 90° and 135° represent a bit value 1. Then, if the basis that the transmitter Alice randomly selects and the bit value that the transmitter Alice randomly selects are (0° and 90°) basis and 1, respectively, the transmitter Alice transmits a single photon with polarization state of 90° to the receiver Bob through the quantum channel. The receiver Bob receiving the single photon randomly selects one of two bases and also measures a quantum state of the received single photon through the selected basis. After the receiver Bob finishes measurement, the transmitter Alice and the receiver Bob announce the basis that they select at random to each other through a classical channel. Here, if the basis that the transmitter Alice selects and the basis that receiver Bob are the same, because the result that the receiver Bob measures is identical to a quantum state that the transmitter Alice randomly selects, two users Alice and Bob have the same bit value. A bit string including bit values extracted when the transmitter Alice and the transmitter Bob select the same basis by repeating the above processes is also called as a sifted key. The sifted key is finally used as a secret key after a post-processing procedure such as error correction and privacy amplification. If an eavesdropper tries to eavesdrop in the middle of communication, errors occur in the sifted key that two users Alice and Bob obtain based on the fundamental principle of quantum mechanics. The transmitter Alice and the receiver Bob announce a portion of the sifted key such that an error ratio is calculated to determine whether there is an eavesdropper or not.
However, these quantum key distribution methods may expose a part of a secret cryptography key to the eavesdropper Eve, due to noise of a quantum channel or each of imperfect components constituting a system during communication. Accordingly, to guarantee the absolute security of the quantum cryptography key distribution method, analysis research for limiting various tapping methods that an eavesdropper can try and an amount of information that an eavesdropper can obtain are under development.
For example, because there is no ideal single photon source currently, to actually realize a quantum key distribution method such as the BB84 protocol, weak coherent light (WCL) pulse is widely used. In this case, there is possibility that a multi-photon pulses not in a single photon state may be transmitted through a quantum channel. Additionally, the physically realized quantum channel has a loss actually. The eavesdropper may eavesdrop using actual network imperfection during communication. That is, the eavesdropper performs quantum non-demolition measurement (QND) on an optical pulse transmitted through a quantum channel thereby determining the number of photons without giving disturbance to a quantum state of a photon.
If the number of photons is 1, the eavesdropper discards the photon. If the number of photons is more than 2, the eavesdropper separates the photons and stores a portion of the photons. The remaining photons are transmitted to the receiver Bob. At this point, the eavesdropper replaces a portion or an entire of the quantum channel with a quantum channel having no loss, and appropriately controls the number of photons to be stored being separated from when a photon is discarded.
Thus, the transmitter Alice and the receiver Bob may not notice the existence of the eavesdropper Eve. After the transmitter Alice and the receiver Bob performs basis comparison through a classical channel, the eavesdropper performs appropriate quantum measurement on the stored photons based on collected information from the classical channel, thereby safely obtaining information for a secret key without detection.
This eavesdropping method is called a photon number splitting (PNS) attack. As the loss of a quantum channel increases, the probability that the PNS attack becomes successful increases. Therefore, the distance of a quantum channel where a quantum cryptography key can be safely distributed is limited. Typical quantum cryptography methods such as the BB84 protocol are vulnerable for this PNS attack such that a distance through which the secret key can be safely transmitted is limited.
A coherent attack known as the most general and comprehensive method among various eavesdropping methods that the eavesdropper can try proceeds as follows. After preparing a probe for eavesdropping, the eavesdropper let interacts the probe with photons (transmitted through a quantum channel), and then stores certain information for quantum state of photons as a quantum state of the probe based on a result of the interaction.
When the transmitted Alice and the receiver Bob complete all of a public discussion process such as base comparison, error correction and secret amplification through a classical channel, the eavesdropper performs an appropriate measurement on its own probe based on information collected through the public classical channel in order to obtain the maximum information about a cryptography key within a range that does not violate a rule of quantum mechanics.
With respect to this coherent attack, the above-mentioned quantum cryptography key distribution methods load a secret key into a quantum state of a photon, and then actually transmit the photon through a quantum channel, such that the eavesdropper can always access the photon. That is, there is a weak point in that the eavesdropper can always access the entire quantum states of a single photon.
On the other hand, an operation for confirming a quantum channel is commonly required first for the eavesdropper to try to eavesdrop about a cryptography key value. At this point, because the typical quantum cryptography key distribution methods actually transmit a photon through a quantum channel as mentioned above, the eavesdropper can in principle safely find out the quantum channel without being detected.
That is, a state where a photon exist and a vacuum state where a photon does not exist are orthogonal to each other. According to quantum mechanics, two orthogonal quantum states can be distinguished from each other without causing any disturbance. The typical quantum cryptography key distribution methods have a limitation in that an eavesdropper can identify a quantum channel without being detected.